PT-2004-3618 · Hummingbird · Hummingbird Connectivity

Published

2004-12-31

Updated

2017-07-29

CVE-2004-2728

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Hummingbird Connectivity versions 7.1 through 9.0

Description The issue is related to a buffer overflow in the FTP server, which can be triggered by remote, authenticated users. This occurs when a long argument is sent to the XCWD command, resulting in a denial of service, specifically causing the application to crash.

Recommendations For Hummingbird Connectivity versions 7.1 through 9.0, consider restricting access to the FTP server until a fix is available, and avoid using long arguments with the XCWD command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2004-2728

Affected Products

Hummingbird Connectivity

PT-2004-3618 · Hummingbird · Hummingbird Connectivity

CVE-2004-2728

Weakness Enumeration

Related Identifiers

Affected Products

References · 7